1. A bigger market share does not ensure more viruses. There's no point in writing viruses for exploits that don't exist. The viruses exist because the holes are there, not just because the OS exists and it might be fun to throw rocks at it. And if it were primarily a numbers game, then shouldn't there be a lot of viruses out there for the areas that Microsoft doesn't dominate, such as web servers? Many (if not most) of those are hosted on non-microsoft platforms. Worms exist for the server software (php, apache, etc.) but not many are targeted at the OS itself, except for MS.

2. You're right concerning security through obscurity. However, what's more obscure than window's source code? Shouldn't it be easier to write viruses when you can go through the code for problems?

3. Security and usability are diametrically opposed? So, should we just give up? What about secure, documented, and validated software? These two things are only opposites when people spit out some half-assed software, with no foresight or emphasis on security, which is what MS did for a long time. Now they are making some steps in the right direction, but sp2 broke several apps on my machine. People say it wasn't Microsoft's fault, but what does that say about the security of XP when it shipped in the first place? And many of my problems affected hardware that was "XP Certified".

Now, I'm not saying that linux or BSD or whatever has all the answers. Maybe MS can buy their way into some good technology, and provide some good security with their plain old basic Home edition, or whatever they are going to call their entry level OS when they finally release it.

Oh yeah, and to answer your question, yes, I do think that a computer should be sold to me that is secure. What's more, your "Joe Sixpack" thinks it should be as well, he just doesn't have the time or energy to mess with it.

December 15th, 2005, 03:42 PM

tenzenryu

Hi,

D**n, I'll have to up the 'anti'.

I think you have to remember the background to all OS security development over the past few years. The previous thing was 'functionality' up to the gills, now it's 'security'. MS like everyone else is jumping on the bandwagon.

Yurt Ennez

December 15th, 2005, 04:24 PM

KeyserSoze

While it is true that most mainstream OSs' focus on security has heightened in the past few years, some had an eye on it the whole time. Some were always meant to be multi-user from the git-go. Some have been built on a base that lends itself to security. Windows is not one of those. That's not to say that any others have it perfect, but the road map you describe is the one of Windows, not everyone.

There are some things that Windows has done right. As has been well documented in threads here recently, they do have a more robust set of access controls than the traditional *nix model (at least in Pro). But, there's a reason that Longhorn has been delayed so much. And there's a reason why xp sp2 broke so many things for so many people. They have tried to introduce security into an insecure system, and to do it, they had to change too many things. Starting from scratch is probably the best thing they can do, but then how pissed are people going to be when they can't run their old apps on it? How many developers are going to have to do a serious rewrite of their code?

My thing is, don't say that "all operating systems are the same"; they're not. There is a difference. And Window's performance record, with regards to security, has been shoddy. More shoddy than many other systems, and it's not because there are more of them out there.

December 15th, 2005, 04:49 PM

d0pp

[rant]
As we all know... "Joe Sixpack" is a whiny little bitch.

Technology will never be right as far as the end user is concerned. Usability and security are not directly opposed to each other, but ever password and authentication step does take away from what most people consider usability.

I consider usability to be the fact that I will be able to "use" it, without getting fux0red. I don't give a rat's ass about having to enter a password, or take an extra step or two.

[/rant]

And MacOS is not a bad OS, but as far as being in any way superiorly secured... I'd have to disagree. When I was in CT, I used to break into this dude's ibook almost daily. Thank God for cybercafe's. MacOS is becoming just as bloated and full of bullshit as Windows.

I'm not condoning what I did, but I would like to say I was not malicious. I just had a bit of fun. And it passed the time.

EDIT: I need to add that many of the "security" problems that users have are directly related to their surfing habits and stupid things they do.

December 15th, 2005, 09:15 PM

tenzenryu

Quote:

Originally posted here by KeyserSoze They have tried to introduce security into an insecure system, and to do it, they had to change too many things. Starting from scratch is probably the best thing they can do, but then how pissed are people going to be when they can't run their old apps on it? How many developers are going to have to do a serious rewrite of their code?

Hi,

Actually this is quite amusing when you think of it in terms of the Internet. It was not designed with security in mind (or at least not what we mean by security) and I haven't heard anyone proposing we start it from scratch.

Also, MS is not the establishment. The establishment is everyone who is in this for commercial gain. The market ultimately determines security requirements whether we wish it too or not. The concept is one of 'acceptable losses' not total security. If a virus blows out your PC, it's not the end of the world. You clean it up and start over - or pay someone to do it for you.

enzt enuyr

December 15th, 2005, 10:09 PM

KeyserSoze

Quote:

Actually this is quite amusing when you think of it in terms of the Internet. It was not designed with security in mind (or at least not what we mean by security) and I haven't heard anyone proposing we start it from scratch.

Uhhh....whatever. Since when were we discussing the security of the net? I thought we were discussing the security of computing devices, specifically end-users and servers. The overall security of the net, along with the devices that power it, is another situation entirely.

Quote:

Also, MS is not the establishment. The establishment is everyone who is in this for commercial gain.

Ok. So MS is not in it for commercial gain? Yes they are, so by your definition, they are the establishment.

By my definition, the establishment is the entity that is most established, which would be MS. What I referred to are people (like yourself) who seem to get off on ranting about how they are tired of "anti-establishment" (or whatever else you would like to call linux advocates/zealots) people pounding the message boards (which I don't think was even the case here). So I termed "anti-anti-establishment", which was supposed to be a grammatically incorrect, sarcastical term to describe people engaging in said ranting.

Quote:

The market ultimately determines security requirements whether we wish it too or not. The concept is one of 'acceptable losses' not total security. If a virus blows out your PC, it's not the end of the world. You clean it up and start over - or pay someone to do it for you.

Very true. So when someone posts a link to an article that advises that the public (read: consumer) to look to alternatives (read: choices in a free market economy) for increased security (read: desired product/service), then I think we ought to let said market sort it out, and not dismiss other opinions and options just because MS is "on the right track", or because we're tired of hearing how their OS has been victimized again. If it's getting old, it's because it happens so often.

December 18th, 2005, 12:37 AM

scittish

&lt;rant&gt;I support Sophos. Please, please, please, everyone go out and buy a Mac for you, your friends and all your family members. Let 75% of businesses switch to Mac...please. Then, the virus code writers will target the Mac OS and leave me alone.&lt;/rant&gt;

Basically, whichever OS serves the masses of lusers is going to be the one that is targetted. You can point out flaws in MS/Windows all you want, but the fact of the matter is that it boils down to the users themselves. If people knew five simple basics (download the patches, install a firewall, install an anti-virus software, create a Non-priveledged account for daily use, and don't click on anything stupid) they would thwart 90% of malicious code. Additionally, Unix and Linux are just as vulnerable as Windows if they aren't locked down properly. The best thing you can do is lock-down your box and teach all your friends how to lock-down theirs.

BTW, you'll notice that those four steps are NOT OS specific. Those should be done on every box, every patform, and every user.

[Edit] In haste I forgot to add patching...sry. [/Edit]

December 18th, 2005, 12:44 AM

tenzenryu

Hi,

I am neither anti estab nor non anti estab. I just think MS are headed in a direction which will include security but is not security up to the eyebrows in the way we would like to see it.

And I agree with the last poster about making people aware but... here's the stupid part...some companies are making security their selling point e.g. AOL advertised that you could switch on antivirus, firewall, parental control etc. My question is: why - apart perhaps from the last one - would you want to make any of those optional?

And MacOS is not a bad OS, but as far as being in any way superiorly secured... I'd have to disagree. When I was in CT, I used to break into this dude's ibook almost daily. Thank God for cybercafe's. MacOS is becoming just as bloated and full of bullshit as Windows.

I'm not condoning what I did, but I would like to say I was not malicious. I just had a bit of fun. And it passed the time.

EDIT: I need to add that many of the "security" problems that users have are directly related to their surfing habits and stupid things they do.

I'm just curious as to why you were able to break into his iBook? I'm asking because I have an iBook and I'm wondering if there is anything I can do to secure my laptop that I may not be aware of. Sorry if that's off the subject so I'll contribute as best I can to this conversation.

I'm somewhat of a linux fan and I've heard lots of reasons why linux is more secure. You guys pretty much covered it as well as linux being programmed a bit better. I was hoping Mac OS X was the same way, and some people say it is, but I suppose we'll see.

If Microsoft doesn't secure its OS, I do plan on exploring other avenues, even if it means installing Linux or BSD on my iBook or whatever laptop I happen to have at the time.

I guess one thing we can do is try and join forces and make people more security aware or at least help friends and family and co-workers, etc., in securing their computers.

March 4th, 2006, 03:27 AM

rapier57

Well, yesterday Apple released a bunch of security updates for the Mac OS X. Some were critical. You want to secure your iBook, get the updates pronto!

As for the Mac OS X, it is based on BSD and NextStep. The main reason the Mac seems more secure is that it hasn't been a target since the early 1990's. That is changing, largely due to the "Mac is more secure" marketing and word of mouth. The Mac users are just begging to have a big target painted on their systems.

Here are some questions to put to your Mac using friends and family: Do you have an anti-virus on your iBook, or did you believe the BS from the Mac Store sales droid? Is the firewall up? Do you use iChat? Were you aware that one of the main, critical vulnerabilities currently on the Mac is in iChat? Have you been updating your Mac OS X regularly, or checking that it is being done?

+++++++++++
Oh, yeah, normally, when the dates are blinking, that means this is a dead thread. It is considered bad form to bring up a dead thread.
+++++++++++